
A SOC is cooking - with a sprinkle of Machine Learning and SRE

This week sees the start of an exciting new chapter in our ever-maturing InfoSec story, with our Group Security team forming a new Security Operations Centre (SOC).

It has been founded using key staff from our existing Network Information Security (NIS) and AppSec analyst capabilities, and I believe we are taking an interesting approach to its creation that sees us using our ASV (Surecloud) as our first internal SOC client:

The rationale is simple - Surecloud's consultants are tasked with poking and probing our applications, network and supporting infrastructure (all BAU as part of our PCI-DSS routines), and our SOC is challenged to be able to report back to the testers what it is they did.

To achieve this the new SOC team has been empowered (provided time, creative freedom, engineering resource access and budget) to architect whichever technical solution(s) they require to gain the required insight. In doing so, a Red/Blue team dynamic is born between 'them' and the 'outside'; a relationship that, through regular iteration, investment and evolution, will result in continual improvement and maturation into the best SOC capability our Group of brands will require.

Sounds easy but of course there are many key steps required to enable such insight, intelligence, alerting and reporting, and we are only at the start of this journey.

Whilst we have mature SIEM and other InfoSec solutions in place that are backed by external SOC centres, we felt that an in-house SOC capability would be an important new string to our Security bow. Having internal SOC staff able to directly converse and share their dashboards with our technicians, engineers and product owners, at a level that is both application-aware and 'trusted', breaks through the restriction that distance imposes on a 3rd party SOC. An internal SOC also offers faster remediation where human effort is required. However, our aim is for human intervention to be minimal and for automation to run the ship...which brings me on to the flip side of this coin...

Whilst not quite operating within the aspirational Google 'Site Reliability Engineering' (SRE) model of engineering, all of these supporting functions do a great job of keeping our brands' services available and responsive for our customers.

However - and paying attention to SRE's teachings - we wish to maintain a lean SOC team that relies on automation, and it is here that we believe ML will play a key role in ensuring we remain lean while also being highly effective.

As you may imagine, a Group of our size generates an array of data that is rich food for a SOC that aims to be supported by an ML capability. The sheer data volumes dictate that signature-based and algorithmic detection alone won't offer sufficient protection and SOC insight. A SOC built upon the guiding principles of SRE and supported by ML (yes, I know I'm a keen user of acronyms) will ensure that SOC investment remains appropriate and service level objectives are met. Happy Tech. Happy Business. Happy Board.
